ehealth EHR Viewer & Integration Joint Service/Access Policy Executive Summary for Authorized Provider Organizations ("APOs")




July 31, 2013
Version 1.0

1. BACKGROUND:

ehealth Saskatchewan ("ehealth") is a Treasury Board Crown Corporation whose mission is to make patient information available electronically to patients and their healthcare team. One of ehealth's key initiatives is the Electronic Health Record Initiative ("EHR Initiative").

The focus of the EHR Initiative is as follows:

- To bring personal health information together from various sources such as Regional Health Authorities ("RHAs") and pharmacies;
- To standardize and organize the information for presentation on a client-centric basis;
- To provide the information to RHAs and Authorized Provider Organizations ("APOs"), such as physician clinics and pharmacies, through system-to-system integration or a web-based viewer.

The personal health information brought together through the EHR Initiative (the "EHR Data") includes:

- Laboratory test results;
- Prescription drug information;
- Clinical documents, including discharge summaries;
- Immunization information;
- Chronic disease information; and
- Additional clinical information as added from time to time.

2. HIGH LEVEL INFORMATION FLOW:

[Diagram: high level information flow]

- Source Systems (Mostly RHAs & Ministry of Health for PIP)
- ehealth EHR Initiative: standardize and normalize EHR Data; organize on a patient-centric basis
- EHR Integration: Point of Service Systems (RHAs & APOs)
- EHR Viewer: Healthcare Providers (RHAs & APOs)
- Patient Portal*: Patients (caregivers)

* The Patient Portal is not included in the Policy. The Policy is focused on the sharing of information between ehealth and the APOs. The Patient Portal is in the initial planning phases.

ehealth will be the trustee under the Health Information Protection Act ("HIPA") for the EHR Data shared with the APOs, with the exception of the Pharmaceutical Information Program ("PIP"). The Ministry of Health will remain as the trustee for PIP under HIPA. Once the EHR Data is shared with an APO through the EHR Integration or EHR Viewer, the APO becomes responsible under HIPA as the trustee of the information.

3. PURPOSE:

The purpose of the Joint Services/Access Policy (the "Policy") is to outline the responsibilities of ehealth and the APOs for the sharing of EHR Data. The Policy is a legally binding document. All APOs must agree to comply with the Policy as a pre-requisite to collecting and using the EHR Data.

The purpose of this Executive Summary is to provide a summary of the Policy for the APOs. It is intended as a summary only and all APOs must review the Policy in its entirety.

4. RESPONSIBILITY:

ehealth is responsible to protect the EHR Data for so long as it is in ehealth's system. Once the EHR Data is transferred through a system-to-system integration (EHR Integration) or viewed (EHR Viewer) by employees or contractors of the APO, all further use and disclosure is fully the APO's responsibility.

It is the responsibility of each APO to ensure they have authority and consent to collect and use EHR Data as outlined in the Policy. The APOs must comply with HIPA (or other applicable laws) and their detailed responsibilities as set out in the Policy.

The APOs will be asked to fill out a Privacy and Security checklist when registering for access to the EHR Viewer. APOs must review and complete this form carefully. ehealth will be relying on the accurate completion of the forms by the APOs.

5. RESTRICTION ON COLLECTION AND USE:

The primary purpose for collection and use of the EHR Data by the APOs is to provide and support a healthcare service for the individual to whom the information relates. Collection and use of EHR Data for any other purpose is prohibited unless pre-approved specifically in the Policy or in writing by ehealth and the Ministry of Health.

6. CONSENT:

The EHR Data is only to be collected and used by APOs for the primary purpose of providing and supporting a healthcare service for the individual to whom the information relates. The issue of consent and communication with patients is one that always needs to be addressed by the individual healthcare provider with the individual patient. ehealth recommends APOs and healthcare providers use implied or express consent rather than deemed consent as set out in HIPA.

ehealth will support the APOs or healthcare provider's use of implied consent as follows:

- Ensure brochures and other communication materials are available for the APOs;
- Have information available for patients via the ehealth web-site;
- Answer questions from patients or healthcare providers by providing telephone support. Contact information is as follows:
  Mail: ehealth Privacy Service, Suite 360, 10 Research Drive, Regina, SK S4S 7J7
  Phone: 1-800-667-1672
  Email: PrivacyandAccess@eHealthsask.ca
  Fax: (306) 798-0897
- Offer patient control mechanisms to patients to restrict access to their EHR Data. Current patient control mechanisms include:
  o Full Block: this allows the patient to prevent any access to their EHR Data through the EHR Integration or EHR Viewer.
  o Masking: this allows the patient to mask their EHR Data. A User can unmask the EHR Data where the patient expressly consents, in emergency circumstances, etc.

In addition, on request from the patient, ehealth will provide a report to the patient showing who has viewed their information in the EHR Viewer.

7. NEED-TO-KNOW:

All APOs must ensure all employees or contractors access and use information only on a strict need-to-know basis to provide or support patient care.

8. SAFEGUARDS:

As a trustee, the APO must ensure that it has appropriate physical, organizational and technical safeguards in place as required by HIPA (or other applicable law). All APOs must ensure they follow all recommendations provided by ehealth for system requirements, etc. Assistance is available from the websites for the Saskatchewan Medical Association, College of Physicians & Surgeons, College of Pharmacy, and the Saskatchewan Office of the Information and Privacy Commissioner.

9. AUDITS:

ehealth will log and track all access by Users and investigate if there is evidence of improper collection or use. On request, ehealth will provide an audit report to the APO showing the employees or contractors of that APO who have accessed personal health information through the EHR Viewer.

10. ENFORCEMENT:

A breach of the Policy or HIPA (or other applicable law) is serious for both healthcare providers and the APO. Enforcement action may include:

- Investigation and suspension or termination of the healthcare provider's or APO's access to the EHR Initiative;
- Reporting the incident to the Professional Colleges or to the police for investigation (HIPA includes criminal penalties with a fine of up to $50,000 and imprisonment of not more than one year); and/or
- Liability for any damages for claims from patients.

11. CHRONIC DISEASE MANAGEMENT QUALITY IMPROVEMENT PROGRAM ("CDM-QIP"):

If you are a Physician participating in the CDM-QIP Program, please see the Clinical Best Practices at www.health.gov.sk.ca/cdm-qip regarding the completion of the CDM-QIP templates and forms.

***END***